@{HOME}/.cache -> @{user_cache_dirs}

This commit is contained in:
Alexandre Pujol 2021-04-01 17:20:05 +01:00
parent 091d20d086
commit 1c9fc00c13
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
86 changed files with 266 additions and 266 deletions

View File

@ -12,7 +12,7 @@
deny owner @{run}/user/[0-9]*/dconf/{,**} rw, deny owner @{run}/user/[0-9]*/dconf/{,**} rw,
deny owner @{HOME}/.config/dconf/{,**} rw, deny owner @{HOME}/.config/dconf/{,**} rw,
deny owner @{HOME}/.cache/dconf/{,**} rw, deny owner @{user_cache_dirs}/dconf/{,**} rw,
# When GSETTINGS_BACKEND=keyfile # When GSETTINGS_BACKEND=keyfile
deny owner @{HOME}/.config/glib-2.0/ rw, deny owner @{HOME}/.config/glib-2.0/ rw,

View File

@ -10,11 +10,11 @@
# fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use # fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
# the "fontconfig-cache-write" abstraction. # the "fontconfig-cache-write" abstraction.
owner @{HOME}/.cache/fontconfig/ r, owner @{user_cache_dirs}/fontconfig/ r,
deny @{HOME}/.cache/fontconfig/ w, deny @{user_cache_dirs}/fontconfig/ w,
deny @{HOME}/.cache/fontconfig/** w, deny @{user_cache_dirs}/fontconfig/** w,
owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.fontconfig/ r, owner @{HOME}/.fontconfig/ r,
deny @{HOME}/.fontconfig/ w, deny @{HOME}/.fontconfig/ w,

View File

@ -4,9 +4,9 @@
abi <abi/3.0>, abi <abi/3.0>,
owner @{HOME}/.cache/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/ rw,
owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk, owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,
owner @{HOME}/.fontconfig/ rw, owner @{HOME}/.fontconfig/ rw,
owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,

View File

@ -40,8 +40,8 @@
#owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9], #owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9],
# Common cache files # Common cache files
#owner @{HOME}/.cache/icon-cache.kcache rw, #owner @{user_cache_dirs}/icon-cache.kcache rw,
#owner @{HOME}/.cache/ksycoca5_* r, #owner @{user_cache_dirs}/ksycoca5_* r,
# Think what to do about this #FIXME# # Think what to do about this #FIXME#
# It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following. # It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.

View File

@ -8,6 +8,6 @@
owner @{HOME}/thumbnails/{large,normal}/ r, owner @{HOME}/thumbnails/{large,normal}/ r,
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png r, owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png r,
owner @{HOME}/.cache/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/ r,
owner @{HOME}/.cache/thumbnails/{large,normal}/ r, owner @{user_cache_dirs}/thumbnails/{large,normal}/ r,
owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png r, owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png r,

View File

@ -7,9 +7,9 @@
owner @{HOME}/thumbnails/ rw, owner @{HOME}/thumbnails/ rw,
owner @{HOME}/thumbnails/{large,normal}/ rw, owner @{HOME}/thumbnails/{large,normal}/ rw,
owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9], owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
owner @{HOME}/.cache/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/ rw,
owner @{HOME}/.cache/thumbnails/{large,normal}/ rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,
owner @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9], owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],

View File

@ -28,14 +28,14 @@
/usr/share/** r, /usr/share/** r,
/{media,mnt,opt,srv}/** r, /{media,mnt,opt,srv}/** r,
owner @{HOME}/.cache/mesa/** rwk, owner @{user_cache_dirs}/mesa/** rwk,
owner @{HOME}/.cache/thumbnails/** rw, owner @{user_cache_dirs}/thumbnails/** rw,
owner @{HOME}/.cache/totem/ rw, owner @{user_cache_dirs}/totem/ rw,
owner @{HOME}/.cache/totem/** rwk, owner @{user_cache_dirs}/totem/** rwk,
owner @{HOME}/.cache/totem-* rwk, owner @{user_cache_dirs}/totem-* rwk,
owner @{HOME}/.cache/tracker/db-locale.txt r, owner @{user_cache_dirs}/tracker/db-locale.txt r,
owner @{HOME}/.cache/tracker/meta.db{,-shm,-journal,-wal} rwk, owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk,
owner @{HOME}/.cache/tracker/ontologies.gvdb r, owner @{user_cache_dirs}/tracker/ontologies.gvdb r,
owner @{HOME}/.config/totem/ rwk, owner @{HOME}/.config/totem/ rwk,
owner @{HOME}/.config/totem/** rwk, owner @{HOME}/.config/totem/** rwk,
owner @{HOME}/.local/share/grilo-plugins/ rwk, owner @{HOME}/.local/share/grilo-plugins/ rwk,

View File

@ -4,11 +4,11 @@
abi <abi/3.0>, abi <abi/3.0>,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/vlc/ rw, owner @{user_cache_dirs}/vlc/ rw,
owner @{HOME}/.cache/vlc/art/ rw, owner @{user_cache_dirs}/vlc/art/ rw,
owner @{HOME}/.cache/vlc/art/artistalbum/ rw, owner @{user_cache_dirs}/vlc/art/artistalbum/ rw,
owner @{HOME}/.cache/vlc/art/artistalbum/**/ rw, owner @{user_cache_dirs}/vlc/art/artistalbum/**/ rw,
owner @{HOME}/.cache/vlc/art/artistalbum/**/art rw, owner @{user_cache_dirs}/vlc/art/artistalbum/**/art rw,
owner @{HOME}/.cache/vlc/art/artistalbum/**/art.jpg rw, owner @{user_cache_dirs}/vlc/art/artistalbum/**/art.jpg rw,

View File

@ -133,22 +133,22 @@ profile android-studio @{exec_path} {
owner @{HOME}/.config/Google/ rw, owner @{HOME}/.config/Google/ rw,
owner @{HOME}/.config/Google/** rwk, owner @{HOME}/.config/Google/** rwk,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner "@{HOME}/.cache/Android Open Source Project/" rw, owner "@{user_cache_dirs}/Android Open Source Project/" rw,
owner "@{HOME}/.cache/Android Open Source Project/**" rw, owner "@{user_cache_dirs}/Android Open Source Project/**" rw,
owner @{HOME}/.cache/Google/ rw, owner @{user_cache_dirs}/Google/ rw,
owner @{HOME}/.cache/Google/** rwk, owner @{user_cache_dirs}/Google/** rwk,
# To remove the following error: # To remove the following error:
# Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp # Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp
# java.io.IOException: Cannot run program # java.io.IOException: Cannot run program
# "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied # "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix, owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,
# #
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk, owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,
owner @{HOME}/.cache/JNA/ rw, owner @{user_cache_dirs}/JNA/ rw,
owner @{HOME}/.cache/JNA/** rw, owner @{user_cache_dirs}/JNA/** rw,
owner @{HOME}/.gradle/ rw, owner @{HOME}/.gradle/ rw,
owner @{HOME}/.gradle/** mrwkix, owner @{HOME}/.gradle/** mrwkix,

View File

@ -93,18 +93,18 @@ profile calibre @{exec_path} {
owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw, owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw,
owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk, owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/calibre/ rw, owner @{user_cache_dirs}/calibre/ rw,
owner @{HOME}/.cache/calibre/** rwkl -> @{HOME}/.cache/calibre/**, owner @{user_cache_dirs}/calibre/** rwkl -> @{user_cache_dirs}/calibre/**,
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner /tmp/calibre_*_tmp_*/{,**} rw, owner /tmp/calibre_*_tmp_*/{,**} rw,
owner /tmp/calibre-*/{,**} rw, owner /tmp/calibre-*/{,**} rw,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_LIBDIR} = /usr/share/discord
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord @{DISCORD_HOMEDIR} = @{HOME}/.config/discord
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
@{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord @{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord
profile discord @{exec_path} { profile discord @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_LIBDIR} = /usr/share/discord
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord @{DISCORD_HOMEDIR} = @{HOME}/.config/discord
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
@{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox @{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox

View File

@ -33,8 +33,8 @@ profile filezilla @{exec_path} {
owner @{HOME}/.config/filezilla/ rw, owner @{HOME}/.config/filezilla/ rw,
owner @{HOME}/.config/filezilla/* rwk, owner @{HOME}/.config/filezilla/* rwk,
owner @{HOME}/.cache/filezilla/ rw, owner @{user_cache_dirs}/filezilla/ rw,
owner @{HOME}/.cache/filezilla/default_*.png rw, owner @{user_cache_dirs}/filezilla/default_*.png rw,
/usr/share/filezilla/{,**} r, /usr/share/filezilla/{,**} r,

View File

@ -57,8 +57,8 @@ profile okular @{exec_path} {
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/okular/{,**} rw, owner @{user_cache_dirs}/okular/{,**} rw,
/usr/share/okular/{,**} r, /usr/share/okular/{,**} r,
/usr/share/kxmlgui5/okular/{,*} r, /usr/share/kxmlgui5/okular/{,*} r,

View File

@ -33,9 +33,9 @@ profile spotify @{exec_path} {
owner @{HOME}/.config/spotify/ rw, owner @{HOME}/.config/spotify/ rw,
owner @{HOME}/.config/spotify/** rw, owner @{HOME}/.config/spotify/** rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/spotify/ rw, owner @{user_cache_dirs}/spotify/ rw,
owner @{HOME}/.cache/spotify/** rwk, owner @{user_cache_dirs}/spotify/** rwk,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

View File

@ -11,7 +11,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/thunderbird @{MOZ_LIBDIR} = /{usr/,}lib/thunderbird
@{MOZ_HOMEDIR} = @{HOME}/.thunderbird @{MOZ_HOMEDIR} = @{HOME}/.thunderbird
@{MOZ_CACHEDIR} = @{HOME}/.cache/thunderbird @{MOZ_CACHEDIR} = @{user_cache_dirs}/thunderbird
@{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin} @{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin}
@{exec_path} += /{usr/,}bin/thunderbird @{exec_path} += /{usr/,}bin/thunderbird
@ -83,7 +83,7 @@ profile thunderbird @{exec_path} {
deny @{HOME}/.mozilla/** mrwkl, deny @{HOME}/.mozilla/** mrwkl,
# Cache # Cache
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{MOZ_CACHEDIR}/{,**} rw, owner @{MOZ_CACHEDIR}/{,**} rw,
# Needed for system mails # Needed for system mails

View File

@ -122,7 +122,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/soffice.binrc.lock rwk, owner @{HOME}/.config/soffice.binrc.lock rwk,
owner @{HOME}/.cache/fontconfig/** rw, owner @{user_cache_dirs}/fontconfig/** rw,
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
owner /{,var/}run/user/*/dconf/user rw, owner /{,var/}run/user/*/dconf/user rw,
@ -153,7 +153,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/dev/tty rw, /dev/tty rw,
/usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx, /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx,
owner @{HOME}/.cache/gstreamer-???/** rw, owner @{user_cache_dirs}/gstreamer-???/** rw,
unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this
/usr/lib{,32,64}/jvm/ r, /usr/lib{,32,64}/jvm/ r,
@ -234,7 +234,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/usr/share/plasma/look-and-feel/**/contents/defaults r, /usr/share/plasma/look-and-feel/**/contents/defaults r,
# TODO: remove when rules are available in abstractions/kde # TODO: remove when rules are available in abstractions/kde
owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent() owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
@ -243,7 +243,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
# TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar # TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader owner @{user_cache_dirs}/icon-cache.kcache rw, # for KIconLoader
# TODO: remove when rules are available in abstractions/kdeframeworks5 or similar # TODO: remove when rules are available in abstractions/kdeframeworks5 or similar
/usr/share/kservices5/*.protocol r, /usr/share/kservices5/*.protocol r,
@ -256,7 +256,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
owner @{HOME}/.config/QtProject.conf.lock rwk, owner @{HOME}/.config/QtProject.conf.lock rwk,
# TODO: use qt5-compose-cache-write abstraction when it is available # TODO: use qt5-compose-cache-write abstraction when it is available
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r,
# TODO: use recent-documents-write abstraction when it is available # TODO: use recent-documents-write abstraction when it is available
owner @{HOME}/.local/share/RecentDocuments/** r, owner @{HOME}/.local/share/RecentDocuments/** r,

View File

@ -102,9 +102,9 @@ profile vlc @{exec_path} {
owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9], owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9],
owner @{HOME}/.local/share/vlc/{,*} rw, owner @{HOME}/.local/share/vlc/{,*} rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/vlc/{,**} rw, owner @{user_cache_dirs}/vlc/{,**} rw,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

View File

@ -102,10 +102,10 @@ profile aptitude @{exec_path} flags=(complain) {
owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw, owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw,
owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw, owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw,
owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w, owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/aptitude/ rw, owner @{user_cache_dirs}/aptitude/ rw,
owner @{HOME}/.cache/aptitude/metadata-download{,-journal} rw, owner @{user_cache_dirs}/aptitude/metadata-download{,-journal} rw,
owner @{HOME}/.cache/aptitude/metadata-download rwk, owner @{user_cache_dirs}/aptitude/metadata-download rwk,
/{usr/,}bin/sensible-pager rCx -> pager, /{usr/,}bin/sensible-pager rCx -> pager,
# For aptitude-run-state-bundle # For aptitude-run-state-bundle

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev} @{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev}
profile brave @{exec_path} { profile brave @{exec_path} {
@ -94,8 +94,8 @@ profile brave @{exec_path} {
owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw, owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw,
# Cache files # Cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/BraveSoftware/ rw, owner @{user_cache_dirs}/BraveSoftware/ rw,
owner @{BRAVE_CACHEDIR}/{,**/} rw, owner @{BRAVE_CACHEDIR}/{,**/} rw,
owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw, owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw,
owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw, owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw,

View File

@ -4,7 +4,7 @@
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
abi <abi/3.0>, abi <abi/3.0>,

View File

@ -4,7 +4,7 @@
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
abi <abi/3.0>, abi <abi/3.0>,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = /{usr/,}bin/chromium @{exec_path} = /{usr/,}bin/chromium
profile chromium @{exec_path} { profile chromium @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox @{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium
profile chromium-chromium @{exec_path} { profile chromium-chromium @{exec_path} {
@ -91,7 +91,7 @@ profile chromium-chromium @{exec_path} {
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
# Cache files # Cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{CHROMIUM_CACHEDIR}/{,**/} rw, owner @{CHROMIUM_CACHEDIR}/{,**/} rw,
owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw, owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw,
owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw, owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr} @{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla @{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
@{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr} @{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr}
profile firefox @{exec_path} { profile firefox @{exec_path} {
@ -84,12 +84,12 @@ profile firefox @{exec_path} {
owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r, owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
# Cache # Cache
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{MOZ_CACHEDIR}/ rw, owner @{MOZ_CACHEDIR}/ rw,
owner @{MOZ_CACHEDIR}/** rwk, owner @{MOZ_CACHEDIR}/** rwk,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
deny @{sys}/devices/system/cpu/present r, deny @{sys}/devices/system/cpu/present r,
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_LIBDIR} = /{usr/,}lib/firefox
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla @{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
@{exec_path} = @{MOZ_LIBDIR}/crashreporter @{exec_path} = @{MOZ_LIBDIR}/crashreporter
profile firefox-crashreporter @{exec_path} { profile firefox-crashreporter @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_LIBDIR} = /{usr/,}lib/firefox
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla @{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
@{exec_path} = /{usr/,}lib/firefox/minidump-analyzer @{exec_path} = /{usr/,}lib/firefox/minidump-analyzer
profile firefox-minidump-analyzer @{exec_path} { profile firefox-minidump-analyzer @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_LIBDIR} = /{usr/,}lib/firefox
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla @{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
@{exec_path} = @{MOZ_LIBDIR}/pingsender @{exec_path} = @{MOZ_LIBDIR}/pingsender
profile firefox-pingsender @{exec_path} { profile firefox-pingsender @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr} @{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla @{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
@{exec_path} = @{MOZ_LIBDIR}/plugin-container @{exec_path} = @{MOZ_LIBDIR}/plugin-container
profile firefox-plugin-container @{exec_path} { profile firefox-plugin-container @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable}
profile google-chrome-chrome @{exec_path} { profile google-chrome-chrome @{exec_path} {
@ -87,7 +87,7 @@ profile google-chrome-chrome @{exec_path} {
owner @{HOME}/.local/share/.com.google.Chrome.* rw, owner @{HOME}/.local/share/.com.google.Chrome.* rw,
# Cache files # Cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{CHROME_CACHEDIR}/{,**/} rw, owner @{CHROME_CACHEDIR}/{,**/} rw,
owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw, owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw,
owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw, owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox @{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox
profile google-chrome-chrome-sandbox @{exec_path} { profile google-chrome-chrome-sandbox @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable}
profile google-chrome-google-chrome @{exec_path} { profile google-chrome-google-chrome @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer}
profile opera @{exec_path} { profile opera @{exec_path} {
@ -78,7 +78,7 @@ profile opera @{exec_path} {
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
# Cache files # Cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{OPERA_CACHEDIR}/{,**/} rw, owner @{OPERA_CACHEDIR}/{,**/} rw,
owner @{OPERA_CACHEDIR}/**/{*-,}index rw, owner @{OPERA_CACHEDIR}/**/{*-,}index rw,
owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw, owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw,

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter @{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter
profile opera-crashreporter @{exec_path} { profile opera-crashreporter @{exec_path} {

View File

@ -8,7 +8,7 @@ include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox @{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox
profile opera-sandbox @{exec_path} { profile opera-sandbox @{exec_path} {

View File

@ -117,8 +117,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
# Silence denial logs about permissions we don't need # Silence denial logs about permissions we don't need
deny /dev/dri/ rwklx, deny /dev/dri/ rwklx,
deny @{HOME}/.cache/fontconfig/ rw, deny @{user_cache_dirs}/fontconfig/ rw,
deny @{HOME}/.cache/fontconfig/** rw, deny @{user_cache_dirs}/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw, deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw, deny @{HOME}/.config/gtk-2.0/** rw,
deny @{PROC}/@{pid}/net/route r, deny @{PROC}/@{pid}/net/route r,

View File

@ -33,14 +33,14 @@ profile blueman @{exec_path} {
/usr/share/blueman/{,**} r, /usr/share/blueman/{,**} r,
owner @{HOME}/.cache/blueman-tray-[0-9]* rw, owner @{user_cache_dirs}/blueman-tray-[0-9]* rw,
owner @{HOME}/.cache/blueman-services-[0-9]* rw, owner @{user_cache_dirs}/blueman-services-[0-9]* rw,
owner @{HOME}/.cache/blueman-adapters-[0-9]* rw, owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw,
owner @{HOME}/.cache/blueman-manager-[0-9]* rw, owner @{user_cache_dirs}/blueman-manager-[0-9]* rw,
owner @{HOME}/.cache/blueman-applet-[0-9]* rw, owner @{user_cache_dirs}/blueman-applet-[0-9]* rw,
owner @{HOME}/.cache/obexd/ rw, owner @{user_cache_dirs}/obexd/ rw,
owner @{HOME}/.cache/obexd/* rw, owner @{user_cache_dirs}/obexd/* rw,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/bluetooth*/ r, owner @{HOME}/bluetooth*/ r,

View File

@ -14,9 +14,9 @@ profile bluetoothctl @{exec_path} {
/etc/inputrc r, /etc/inputrc r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/.bluetoothctl_history rw, owner @{user_cache_dirs}/.bluetoothctl_history rw,
owner @{HOME}/.cache/.bluetoothctl_history-@{pid}.tmp rw, owner @{user_cache_dirs}/.bluetoothctl_history-@{pid}.tmp rw,
include if exists <local/bluetoothctl> include if exists <local/bluetoothctl>
} }

View File

@ -21,9 +21,9 @@ profile dconf-service @{exec_path} {
owner @{HOME}/.config/dconf/ rw, owner @{HOME}/.config/dconf/ rw,
owner @{HOME}/.config/dconf/user{,.*} rw, owner @{HOME}/.config/dconf/user{,.*} rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/dconf/ rw, owner @{user_cache_dirs}/dconf/ rw,
owner @{HOME}/.cache/dconf/user rw, owner @{user_cache_dirs}/dconf/user rw,
@{PROC}/cmdline r, @{PROC}/cmdline r,

View File

@ -46,12 +46,12 @@ profile anki @{exec_path} {
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
/usr/share/anki/{,**} r, /usr/share/anki/{,**} r,

View File

@ -20,8 +20,8 @@ profile appstreamcli @{exec_path} flags=(complain) {
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/appstream-cache-*.mdb rw, owner @{user_cache_dirs}/appstream-cache-*.mdb rw,
/usr/share/appdata/ r, /usr/share/appdata/ r,
/var/lib/app-info/yaml/ r, /var/lib/app-info/yaml/ r,

View File

@ -43,9 +43,9 @@ profile borg @{exec_path} {
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/borg/ rw, owner @{user_cache_dirs}/borg/ rw,
owner @{HOME}/.cache/borg/** rw, owner @{user_cache_dirs}/borg/** rw,
owner @{HOME}/.config/borg/ rw, owner @{HOME}/.config/borg/ rw,
owner @{HOME}/.config/borg/** rw, owner @{HOME}/.config/borg/** rw,

View File

@ -31,11 +31,11 @@ profile cawbird @{exec_path} {
owner @{HOME}/.config/cawbird/ rw, owner @{HOME}/.config/cawbird/ rw,
owner @{HOME}/.config/cawbird/** rwk, owner @{HOME}/.config/cawbird/** rwk,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/cawbird-* rw, owner @{user_cache_dirs}/cawbird-* rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,

View File

@ -59,8 +59,8 @@ profile engrampa @{exec_path} {
/tmp/ r, /tmp/ r,
owner /tmp/** rw, owner /tmp/** rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/.fr-*/{,**} rw, owner @{user_cache_dirs}/.fr-*/{,**} rw,
owner @{HOME}/.config/ r, owner @{HOME}/.config/ r,
owner @{HOME}/.config/mimeapps.list{,.*} rw, owner @{HOME}/.config/mimeapps.list{,.*} rw,

View File

@ -29,12 +29,12 @@ profile font-manager @{exec_path} {
/{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx, /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/font-manager/ rw, owner @{user_cache_dirs}/font-manager/ rw,
owner @{HOME}/.cache/font-manager/* rwk, owner @{user_cache_dirs}/font-manager/* rwk,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{HOME}/.config/font-manager/ rw, owner @{HOME}/.config/font-manager/ rw,
owner @{HOME}/.config/font-manager/* rw, owner @{HOME}/.config/font-manager/* rw,

View File

@ -27,12 +27,12 @@ profile fusermount @{exec_path} {
# Where to mount ISO files # Where to mount ISO files
owner @{HOME}/*/ rw, owner @{HOME}/*/ rw,
owner @{HOME}/*/*/ rw, owner @{HOME}/*/*/ rw,
owner @{HOME}/.cache/**/ rw, owner @{user_cache_dirs}/**/ rw,
# Be able to mount ISO images # Be able to mount ISO images
mount fstype={fuse,fuse.*} -> @{HOME}/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/,
mount fstype={fuse,fuse.*} -> @{HOME}/*/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/, mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/,
mount fstype={fuse,fuse.*} -> /media/*/, mount fstype={fuse,fuse.*} -> /media/*/,
mount fstype={fuse,fuse.*} -> /media/*/*/, mount fstype={fuse,fuse.*} -> /media/*/*/,
# For MTP # For MTP
@ -47,7 +47,7 @@ profile fusermount @{exec_path} {
# Be able to unmount the ISO images # Be able to unmount the ISO images
umount @{HOME}/*/, umount @{HOME}/*/,
umount @{HOME}/*/*/, umount @{HOME}/*/*/,
umount @{HOME}/.cache/**/, umount @{user_cache_dirs}/**/,
umount /media/*/, umount /media/*/,
umount /tmp/.mount_*/, umount /tmp/.mount_*/,
umount @{run}/user/[0-9]*/**/, umount @{run}/user/[0-9]*/**/,

View File

@ -31,7 +31,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/etc/fwupd/** r, /etc/fwupd/** r,
# In order to get to this file, the attach_disconnected flag has to be set # In order to get to this file, the attach_disconnected flag has to be set
owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz r, owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r,
/usr/share/mime/mime.cache r, /usr/share/mime/mime.cache r,

View File

@ -17,9 +17,9 @@ profile fwupdmgr @{exec_path} flags=(complain) {
/{usr/,}bin/dbus-launch rCx -> dbus, /{usr/,}bin/dbus-launch rCx -> dbus,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/fwupd/ rw, owner @{user_cache_dirs}/fwupd/ rw,
owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz{,.*} rw, owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz{,.*} rw,
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw, owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw, owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw,

View File

@ -36,7 +36,7 @@ profile fzsftp @{exec_path} {
owner @{HOME}/.putty/randomseed rw, owner @{HOME}/.putty/randomseed rw,
# file_inherit # file_inherit
#deny @{HOME}/.cache/filezilla/** rw, #deny @{user_cache_dirs}/filezilla/** rw,
include if exists <local/fzsftp> include if exists <local/fzsftp>
} }

View File

@ -58,9 +58,9 @@ profile gajim @{exec_path} {
owner @{HOME}/.local/share/gajim/** rwk, owner @{HOME}/.local/share/gajim/** rwk,
# Cache # Cache
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/gajim/ rw, owner @{user_cache_dirs}/gajim/ rw,
owner @{HOME}/.cache/gajim/** rwk, owner @{user_cache_dirs}/gajim/** rwk,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

View File

@ -46,8 +46,8 @@ profile gtk-youtube-viewer @{exec_path} {
owner @{HOME}/.config/youtube-viewer/{,*} rw, owner @{HOME}/.config/youtube-viewer/{,*} rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/youtube-viewer/ rw, owner @{user_cache_dirs}/youtube-viewer/ rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

View File

@ -37,9 +37,9 @@ profile jgmenu @{exec_path} {
owner @{HOME}/.config/jgmenu/ rw, owner @{HOME}/.config/jgmenu/ rw,
owner @{HOME}/.config/jgmenu/** rw, owner @{HOME}/.config/jgmenu/** rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/jgmenu/ rw, owner @{user_cache_dirs}/jgmenu/ rw,
owner @{HOME}/.cache/jgmenu/** rw, owner @{user_cache_dirs}/jgmenu/** rw,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

View File

@ -41,8 +41,8 @@ profile keepassxc @{exec_path} {
owner @{HOME}/.config/keepassxc/ rw, owner @{HOME}/.config/keepassxc/ rw,
owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9], owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9],
owner @{HOME}/.cache/keepassxc/ rw, owner @{user_cache_dirs}/keepassxc/ rw,
owner @{HOME}/.cache/keepassxc/* rwkl -> @{HOME}/.cache/keepassxc/#[0-9]*[0-9], owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9],
# Database location # Database location
/ r, / r,

View File

@ -29,7 +29,7 @@ profile keepassxc-proxy @{exec_path} {
deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw, deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw,
# #
deny owner @{HOME}/.mozilla/** rw, deny owner @{HOME}/.mozilla/** rw,
deny owner @{HOME}/.cache/mozilla/** rw, deny owner @{user_cache_dirs}/mozilla/** rw,
deny owner /media/*/.mozilla/** rw, deny owner /media/*/.mozilla/** rw,
deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/firefox*/.parentlock rw,
deny owner /tmp/tmp-*.xpi rw, deny owner /tmp/tmp-*.xpi rw,

View File

@ -40,14 +40,14 @@ profile kscreenlocker-greet @{exec_path} {
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
owner @{HOME}/.cache/plasma-svgelements-default_v* r, owner @{user_cache_dirs}/plasma-svgelements-default_v* r,
# If one is blocked, the others are probed. # If one is blocked, the others are probed.
deny owner @{HOME}/#[0-9]*[0-9] mrw, deny owner @{HOME}/#[0-9]*[0-9] mrw,

View File

@ -30,7 +30,7 @@ profile kwalletd5 @{exec_path} {
owner @{HOME}/.config/kwalletrc r, owner @{HOME}/.config/kwalletrc r,
owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/kdeglobals r,
owner @{HOME}/.cache/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{HOME}/.local/share/kwalletd/ rw, owner @{HOME}/.local/share/kwalletd/ rw,
owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw, owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw,

View File

@ -45,7 +45,7 @@ profile kwalletmanager5 @{exec_path} {
owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk, owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk,
owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/kdeglobals r,
owner @{HOME}/.cache/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

View File

@ -54,16 +54,16 @@ profile minitube @{exec_path} {
# owner /tmp/.glvnd* mrw, # owner /tmp/.glvnd* mrw,
# Cache # Cache
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner "@{HOME}/.cache/Flavio Tordini/" rw, owner "@{user_cache_dirs}/Flavio Tordini/" rw,
owner "@{HOME}/.cache/Flavio Tordini/Minitube/" rw, owner "@{user_cache_dirs}/Flavio Tordini/Minitube/" rw,
owner "@{HOME}/.cache/Flavio Tordini/Minitube/**" rwl -> "@{HOME}/.cache/Flavio Tordini/Minitube/**", owner "@{user_cache_dirs}/Flavio Tordini/Minitube/**" rwl -> "@{user_cache_dirs}/Flavio Tordini/Minitube/**",
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

View File

@ -74,11 +74,11 @@ profile mkvtoolnix-gui @{exec_path} {
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw, owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw,
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9], owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/bunkus.org/ rw, owner @{user_cache_dirs}/bunkus.org/ rw,
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/ rw, owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/ rw,
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/ rw, owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw,
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw, owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,

View File

@ -44,7 +44,7 @@ profile mpsyt @{exec_path} {
owner @{HOME}/.config/mps-youtube/{,**} rw, owner @{HOME}/.config/mps-youtube/{,**} rw,
# Cache files # Cache files
owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw, owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw,
/etc/inputrc r, /etc/inputrc r,
/etc/mime.types r, /etc/mime.types r,

View File

@ -14,8 +14,8 @@ profile obexctl @{exec_path} {
/etc/inputrc r, /etc/inputrc r,
owner @{HOME}/.cache/.obexctl_history rw, owner @{user_cache_dirs}/.obexctl_history rw,
owner @{HOME}/.cache/.obexctl_history-@{pid}.tmp rw, owner @{user_cache_dirs}/.obexctl_history-@{pid}.tmp rw,
include if exists <local/obexctl> include if exists <local/obexctl>
} }

View File

@ -16,9 +16,9 @@ profile obexd @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/obexd/ rw, owner @{user_cache_dirs}/obexd/ rw,
owner @{HOME}/.cache/obexd/* rw, owner @{user_cache_dirs}/obexd/* rw,
owner @{HOME}/bluetooth/* rw, owner @{HOME}/bluetooth/* rw,

View File

@ -36,10 +36,10 @@ profile openbox @{exec_path} {
owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r, owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/openbox/ rw, owner @{user_cache_dirs}/openbox/ rw,
owner @{HOME}/.cache/openbox/openbox.log rw, owner @{user_cache_dirs}/openbox/openbox.log rw,
owner @{HOME}/.cache/openbox/sessions/ rw, owner @{user_cache_dirs}/openbox/sessions/ rw,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

View File

@ -28,7 +28,7 @@ profile pinentry-qt @{exec_path} {
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

View File

@ -44,7 +44,7 @@ profile polkit-kde-authentication-agent @{exec_path} {
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/kdeglobals r,
owner @{HOME}/.cache/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,

View File

@ -62,9 +62,9 @@ profile psi-plus @{exec_path} {
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
# Cache files # Cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/psi+/{,**} rw, owner @{user_cache_dirs}/psi+/{,**} rw,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

View File

@ -49,9 +49,9 @@ profile qbittorrent @{exec_path} {
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
# Cache dir # Cache dir
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qBittorrent/{,**} rw, owner @{user_cache_dirs}/qBittorrent/{,**} rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

View File

@ -32,9 +32,9 @@ profile qbittorrent-nox @{exec_path} {
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
# Cache dir # Cache dir
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qBittorrent/{,**} rw, owner @{user_cache_dirs}/qBittorrent/{,**} rw,
# Torrent files # Torrent files
/media/ r, /media/ r,

View File

@ -89,7 +89,7 @@ profile qnapi @{exec_path} {
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,

View File

@ -31,8 +31,8 @@ profile qt5ct @{exec_path} {
owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/kdeglobals r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,

View File

@ -50,11 +50,11 @@ profile quiterss @{exec_path} {
owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**, owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**,
owner @{HOME}/.local/share/QuiteRss/ rw, owner @{HOME}/.local/share/QuiteRss/ rw,
owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**, owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**,
owner @{HOME}/.cache/QuiteRss/ rw, owner @{user_cache_dirs}/QuiteRss/ rw,
owner @{HOME}/.cache/QuiteRss/** rwl -> @{HOME}/.cache/QuiteRss/**, owner @{user_cache_dirs}/QuiteRss/** rwl -> @{user_cache_dirs}/QuiteRss/**,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
deny @{PROC}/sys/kernel/random/boot_id r, deny @{PROC}/sys/kernel/random/boot_id r,

View File

@ -51,15 +51,15 @@ profile rpi-imager @{exec_path} {
owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw, owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw,
owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk, owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk,
owner "@{HOME}/.cache/Raspberry Pi/" rw, owner "@{user_cache_dirs}/Raspberry Pi/" rw,
owner "@{HOME}/.cache/Raspberry Pi/**" rwl -> "@{HOME}/.cache/Raspberry Pi/**", owner "@{user_cache_dirs}/Raspberry Pi/**" rwl -> "@{user_cache_dirs}/Raspberry Pi/**",
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

View File

@ -48,18 +48,18 @@ profile sddm-greeter @{exec_path} {
# All the following is for the test mode # All the following is for the test mode
#------------------------------------------------------------------ #------------------------------------------------------------------
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/sddm-greeter/ rw, owner @{user_cache_dirs}/sddm-greeter/ rw,
owner @{HOME}/.cache/sddm-greeter/qmlcache/ rw, owner @{user_cache_dirs}/sddm-greeter/qmlcache/ rw,
owner @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9], owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9],
owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9], owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
@ -72,9 +72,9 @@ profile sddm-greeter @{exec_path} {
owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/kdeglobals r,
owner @{HOME}/.config/plasmarc r, owner @{HOME}/.config/plasmarc r,
owner @{HOME}/.cache/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{HOME}/.cache/plasma_theme_*.kcache rw, owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{HOME}/.cache/plasma-svgelements-* rw, owner @{user_cache_dirs}/plasma-svgelements-* rw,
include <abstractions/qt5-compose-cache-write> include <abstractions/qt5-compose-cache-write>

View File

@ -105,7 +105,7 @@ profile smplayer @{exec_path} {
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.cache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

View File

@ -50,12 +50,12 @@ profile smtube @{exec_path} {
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
# Cache # Cache
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/smtube/ rw, owner @{user_cache_dirs}/smtube/ rw,
owner @{HOME}/.cache/smtube/* rwk, owner @{user_cache_dirs}/smtube/* rwk,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

View File

@ -64,15 +64,15 @@ profile strawberry @{exec_path} {
owner @{HOME}/.local/share/strawberry/ rw, owner @{HOME}/.local/share/strawberry/ rw,
owner @{HOME}/.local/share/strawberry/** rwk, owner @{HOME}/.local/share/strawberry/** rwk,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/strawberry/ rw, owner @{user_cache_dirs}/strawberry/ rw,
owner @{HOME}/.cache/strawberry/** rwl -> @{HOME}/.cache/strawberry/networkcache/prepared/#[0-9]*[0-9], owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#[0-9]*[0-9],
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{HOME}/.cache/xine-lib/ rw, owner @{user_cache_dirs}/xine-lib/ rw,
owner @{HOME}/.cache/xine-lib/plugins.cache{,.new} rw, owner @{user_cache_dirs}/xine-lib/plugins.cache{,.new} rw,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,

View File

@ -28,7 +28,7 @@ profile strawberry-tagreader @{exec_path} {
# file_inherit # file_inherit
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,
owner @{HOME}/.anyRemote/anyremote.stdout w, owner @{HOME}/.anyRemote/anyremote.stdout w,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
include if exists <local/strawberry-tagreader> include if exists <local/strawberry-tagreader>
} }

View File

@ -27,10 +27,10 @@ profile tint2 @{exec_path} {
owner @{HOME}/.config/tint2/{,*} rw, owner @{HOME}/.config/tint2/{,*} rw,
# Tint2 cache files # Tint2 cache files
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/tint2/ rw, owner @{user_cache_dirs}/tint2/ rw,
owner @{HOME}/.cache/tint2/[0-9a-f]*.png w, owner @{user_cache_dirs}/tint2/[0-9a-f]*.png w,
owner @{HOME}/.cache/tint2/icon.cache rwk, owner @{user_cache_dirs}/tint2/icon.cache rwk,
# Launcher config files # Launcher config files
owner @{HOME}/.config/launchers/{,*.desktop} r, owner @{HOME}/.config/launchers/{,*.desktop} r,

View File

@ -29,7 +29,7 @@ profile tint2conf @{exec_path} {
owner @{HOME}/.config/tint2/ r, owner @{HOME}/.config/tint2/ r,
owner @{HOME}/.config/tint2/* rw, owner @{HOME}/.config/tint2/* rw,
owner @{HOME}/.cache/tint2/[0-9a-f]*.png r, owner @{user_cache_dirs}/tint2/[0-9a-f]*.png r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

View File

@ -84,12 +84,12 @@ profile vidcutter @{exec_path} {
# owner /tmp/#[0-9]*[0-9] mrw, # owner /tmp/#[0-9]*[0-9] mrw,
# owner /tmp/.glvnd* mrw, # owner /tmp/.glvnd* mrw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/qtshadercache/ rw, owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,

View File

@ -47,12 +47,12 @@ profile virt-manager @{exec_path} {
/usr/share/virt-manager/{,**} r, /usr/share/virt-manager/{,**} r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/virt-manager/ rw, owner @{user_cache_dirs}/virt-manager/ rw,
owner @{HOME}/.cache/virt-manager/** rw, owner @{user_cache_dirs}/virt-manager/** rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
# For disk images # For disk images
/media/ r, /media/ r,

View File

@ -15,8 +15,8 @@ profile xsel @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/.xsel.log rw, owner @{HOME}/.xsel.log rw,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/xsel.log rw, owner @{user_cache_dirs}/xsel.log rw,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,
owner /tmp/xauth-[0-9]*-_[0-9] r, owner /tmp/xauth-[0-9]*-_[0-9] r,

View File

@ -82,8 +82,8 @@ profile youtube-dl @{exec_path} {
/etc/mime.types r, /etc/mime.types r,
owner @{HOME}/.cache/ rw, owner @{user_cache_dirs}/ rw,
owner @{HOME}/.cache/youtube-dl/{,**} rw, owner @{user_cache_dirs}/youtube-dl/{,**} rw,
owner @{HOME}/.config/git/config r, owner @{HOME}/.config/git/config r,

View File

@ -34,7 +34,7 @@ profile youtube-viewer @{exec_path} {
/{usr/,}bin/wget rCx -> wget, /{usr/,}bin/wget rCx -> wget,
owner @{HOME}/.config/youtube-viewer/{,*} rw, owner @{HOME}/.config/youtube-viewer/{,*} rw,
owner @{HOME}/.cache/youtube-viewer/{,*} rw, owner @{user_cache_dirs}/youtube-viewer/{,*} rw,
owner @{HOME}/Downloads/youtube-viewer/{,*} rw, owner @{HOME}/Downloads/youtube-viewer/{,*} rw,
/etc/inputrc r, /etc/inputrc r,

View File

@ -74,7 +74,7 @@ profile ytdl @{exec_path} {
/etc/mime.types r, /etc/mime.types r,
# Needed when displaying info on available formats # Needed when displaying info on available formats
owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js*.json r, owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js*.json r,
include if exists <local/ytdl> include if exists <local/ytdl>
} }